July 6, 2004 11:11 AM PDT

Fear of viruses and poor protection grows

Three-quarters of European businesses surveyed said they believe viruses will become more dangerous, while two-thirds believe the frequency of attacks will increase, according to e-mail security company MessageLabs.

Natasha Staley, an information security analyst at MessageLabs, said Tuesday that given the massive increase in virus activity over the past couple of years, it's likely this alarming growth will continue.

The greatest concern to the antivirus industry, however, will be the fact that many businesses believe time is running out for companies whose protection from malicious software now lags behind the advances being made by virus writers.

According to separate research from the FBI, 99 percent of businesses have antivirus protection. Yet in 2003, 82 percent were attacked by a virus, resulting in more than $200 billion in losses.

Therefore, it's perhaps unsurprising that only 35 percent of respondents to the MessageLabs survey expressed confidence in traditional antivirus software, while 43 percent said they are no longer confident about the protection it affords. Almost a quarter of respondents (22 percent) said the changing face of virus threats means traditional antivirus products will be obsolete within the decade.

MessageLabs' Staley said that much of the problem results from the inherent "sacrificial lamb" approach to so-called signature-based antivirus technology--the chance that somebody may "need" to get infected with a virus for others to be protected. Signatures are short code snippets or patterns found in a virus or Trojan horse that are unique to the program. Antivirus software can use such identifiers to weed out bad programs from the good.

"This research shows that customers are starting to lose faith in traditional antivirus solutions," Staley said. "It can be very frustrating for companies who are still getting caught out, despite doing everything they can to protect themselves."

Much of the problem lies in the rapid propagation of worms. So-called "Warhol" worms, which spread rapidly and enjoy "15 minutes of fame," often do their damage long before patches have been put in place or a signature-based antivirus database has been updated.

Often that process of updating signature files and putting a fix in place can take anywhere between six or seven hours and a whole day.

Security software company Finjan, which claims to proactively stop viruses by scanning and monitoring all active content on a network, refers to this as a "window of vulnerability." In essence, a window exists from the point a vulnerability is known until the point when it is fixed. Any exploit released into the wild during that time can cause serious harm to a business.

Nick Sears, a vice president at Finjan Software, said: "Many of the current (antivirus) solutions are excellent at recognizing and blocking viruses that currently exist, but cannot cope with new Internet attacks."

The very nature of signature-based antivirus technology, at its most rudimentary, means there is always a danger some customers will be hit, so that others can be protected.

Sears added: "As a result, it is purely a question of luck as to whether you or your competitor is hit in this interim period."

Will Sturgeon of Silicon.com reported from London.

1 comment

Anti Virus ineffective?? I think not....
Although I have no clue what the survey in question asked, what is evident, based upon this story, is that many of those surveyed do not understand basic network security or the true purpose of virus protection. Historically, viruses took their time infecting machines because it was more difficult to transport them and cause infection. With more people coming onto the world of inter-connectivity across the internet, greater access to email and a lack of knowledge of security, the spread of viruses has become greater and they are spreading at ever-increasing rates.

Anti-virus software's purpose is not as a first line of defense but a secondary point of defense in your security plan. Generally, viruses are engineered based upon some specific exploits. The Blaster Virus, and the Sasser Virus among others take a specific vulnerability and exploit those vulnerabilities. However, the pattern regarding the implementation of such code is that generally the code is released within 72 hours to as much as one week after such vulnerabilities are announced by the company affected by the vulnerability. Most recently, with the Sasser Virus and its variants, the offending vulnerability was announced and subsequently backed up with a patch as much as one week prior to the virus hitting the wild.

In the world of business it is not just an irritation to deal with security, it is a necessity. Downtime costs for small business are devastating, downtime for large companies is expensive, and regardless of whether you are a small business owner or a shareholder, the downtime affects the bottom line. It has become a new responsibility to maintain virus definitions and to ensure your organization has a solid patch plan in place.

Virus definition companies are there to provide a tool of proactive prevention, not immediate first line defense. Some packages have started implementing heuristics in order to detect possible viral activities, but it is still not free-thinking AI that can use judgment. With personal firewall equipment becoming less expensive, the ability to install software firewall protection inexpensively, and companies like Microsoft becoming more active in announcing and providing patches, the only ones allowing virus activity to take over business computing are those managing their IT Programs.

Virus protection and security in and of itself takes a tiered approach. You can prevent disabling code from getting in your network and PCs, you just need to be educated about what your particular network or IT Program needs. If you do not know what you need, send your people to training or ask a consultant. The money spent on training or a consultant now will reduce your liability tremendously in the future.

The upshot to all of this is not that we should lose faith in companies like Symantec or whoever owns McAfee these days; they are working hard providing quality products to help us and prevent future infections of viruses that creep back. But we should put renewed faith in these companies and increase our own awareness as end users and owners of businesses and networks.

My Name is Jeff Bowman and I am the owner and primary consultant of SouthTek Solutions (www.southtekl.net).